Tag Archive for: Continues

Ransomware attack fallout continues at several CT hospitals


Some services remain down at Eastern Connecticut Health Network and Waterbury Health on Tuesday, days after the hospital systems’ parent company reported being hit by a ransomware attack.

Eastern Connecticut Health Network, or ECHN, operates Manchester Memorial Hospital and Rockville General Hospital in Vernon. Waterbury Health operates Waterbury Hospital. Both are owned by Prospect Medical Holdings, a California-based company that also owns hospitals there as well as in Pennsylvania and Rhode Island. 

The company said Tuesday there were no updates and did not answer questions regarding when services and locations that have closed will be back up and running or if confidential information was exposed in the attack.

ECHN’s website as of Tuesday still displayed a banner stating it “along with all Prospect Medical facilities, is experiencing a systemwide outage.”

“We are working to resolve the issue as soon as possible and regret any inconvenience,” the banner stated. It included a link to a page listing which services and locations were closed. 

As of Tuesday, the page said Evergreen and Tolland Imaging, outpatient blood drawing, urgent care and its Women’s Center are closed, along with outpatient medical imaging on weekdays. 

Waterbury Health’s Facebook page also listed several locations or services that were shut down due to the “data security incident.”

“We are following downtime procedures including the use of paper records. The outage has affected some of our outpatient services, mostly diagnostic imaging and blood draw and some patient appointments,” the organization said in a post on Tuesday. “We have contacted and will continue to contact any affected patients.”

The post said Waterbury Health’s blood draw locations are closed, except for an outpatient blood drawing location at Waterbury Hospital.

Women’s Imaging and Open MRI in Southbury are both closed, as is Diagnostic Radiology Associates, which has locations in Waterbury, Middlebury and Southbury.

The phrase refers to a type of cyber security breach where adversaries plant malware or break…

Source…

First TikTok, Now Nvidia—U.S. Continues To Tighten National Security


Geopolitical tension between the U.S. and China continues. With continuous efforts to secure America’s supply chain and increase national security to upend China’s dominance in the manufacturing and technology sectors, the U.S. government is doubling down on its measures to ensure America’s safety and economic prosperity.

Earlier this year, we saw TikTok’s CEO Shou Chew appear before Congress to defend the popular social media platform against concerns of national security due to its alleged ties to the Chinese Communist Party. With over 150 million American users, half of the U.S. population, lawmakers’ skepticism over TikTok’s ability to protect user data sparked a heated debate on whether TikTok’s parent company, ByteDance—a Chinese-owned company—would be forced to cooperate with China if requested to fork over data of U.S. citizens. During the congressional hearing, House Energy and Commerce Chair Cathy McMorris Rodgers (R-Wash) said, “TikTok surveils us all and the Chinese Communist Party is able to use this as a tool to manipulate America as a whole…We do not trust TikTok will ever embrace American values. Your platform should be banned.”

Just months after the viral showdown between TikTok and Congress, the fight over national security concerns has not abated. Refusing to relent on perceived threats of national security, the U.S. government continues to hammer down guardrails to secure the nation—now, with increased restrictions on AI chip exports to China.

Source…

Dallas municipal court building closed as ransomware recovery continues


Dallas’ municipal court building is closed this week as impacts from a ransomware attack 19 days ago have stopped hearings, trials and jury duty, and blocked the city from accepting nearly all forms of citation payments.

An online notice on the city’s court and detention services website Monday said the municipal court building at 2014 Main Street isn’t planned to reopen until May 30. People can mail in payments for citations or documents, but they won’t be processed until after the court’s system is restored.

The building remained open in the two weeks since the May 3 ransomware attack to provide general information on citations while the system was down. All hearings that were scheduled since May 3 will be rescheduled, and people haven’t been able to make payments in person, online or by phone.

The court hears cases for people accused of violations, including city ordinances, traffic infractions and class C misdemeanors. Warrants can be issued for people who don’t pay fines and fees collected by the court.

The city said new court dates will be mailed once the system is restored.

Source…

Over 83,000 ESXi servers are internet-exposed as mass attack continues


Over 2,500 ESXi servers around the world have now been hit by ransomware as part of a spray-and-pray campaign that began on Friday evening – with VMware affirming that it has “not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these recent attacks.”

Initial reports suggested that a vulnerability from early 2021 was being exploited. Some security researchers had been somewhat sceptical that not only were thousands of ESXi users not patching against severe remote code execution (RCE) vulnerabilities two years old but also directly exposing unpatched servers to the internet.

The campaign also began just days after security researchers published an exploit that lets remote and unauthenticated attackers take over VMware’s log management tool vRealize Log Insight as root user by chaining three vulnerabilities that VMware disclosed on January 25, 2023. Two of the CVEs used (CVE-2022-31706, CVE-2022-31704) are remote code execution (RCE) bugs with critical CVSS ratings of 9.9.

There is no suggestion that this exploit is being used in the ESXi ransomware attacks.

SecurityScorecard’s Attack Surface Intelligence (ASI) tool detects some version of ESXi in use at 139,491 IP addresses worldwide. Not all of these will be vulnerable to the ongoing campaign. Shodan searches meanwhile suggest that 83,476 ESXi servers can be found online, the vast majority of these running version 6.7.

[Figure: ESXi versions exposed to the internet. Credit: Shodan.]

VMware emphasised in a short blog on February 6 that “Most reports state that End of General Support (EOGS) and/or significantly out-of-date products are being targeted with known vulnerabilities”.

The ESXi ransomware campaign is targeting CVE-2021-21974, a VMware ESXi OpenSLP heap overflow leading to remote code execution that was first disclosed via the Zero Day Initiative (ZDI) by Lucas Leong.

Admins should ensure unpatched and exposed ESXi servers are firewalled, with no ports exposed. VMware’s earlier mitigation for the vulnerability urged users to 1: Log in to the ESXi hosts using an SSH session (such as PuTTY); 2:…

Source…